X Firewalls
By definition, a firewall filters
and controls data between networks. The most typical firewall
installation occurs between the corporate LAN and the Internet.
With both the cost and the headache of installing
firewalls dropping rapidly, firewalls are also being installed
between sensitive areas and the rest of the company. Firewalls used
to be the province of large companies with $20,000 or more to spend
on protecting their network, and a very security-savvy network engineer
on site. In recent years, simplified low-end firewalls have become
available for home and SOHO (small office/home office) users as well,
and are frequently used to protect home networks connected to the Internet
via an always-on (dial-up not required) technology such as DSL or cable
Internet.
Firewalls limit damage
A firewall offers protection where a network with low trust meets one with high security needs. A classic example is the Internet and the corporate LAN.
Using a firewall, you can set up
rules to control access to your LAN by certain types of traffic from
out on the Internet, based on a variety of criteria. You might choose
to deny incoming traffic if its source IP address matches that of a
site with whom you've had cracker problems in the past.
Or you might choose to deny incoming traffic on the ftp (or any other
Internet service) port, if you don't want users on the Internet
to access that service on your Internet-connected system.
If incoming traffic for a particular
port is blocked, an outside user trying to access the service at that
port (for example, port 80 for http or 23 for telnet) will see their
application hang, waiting for access, or simply return a "not accessible"
message, depending on the firewall being used.
Configure firewall correctly or no joy
If a network uses a firewall, and clients on that network cannot access Internet hosts by name, but can access them by numeric IP address, the firewall might be blocking incoming or outgoing traffic on TCP/IP port 53, the DNS port.
Just as firewalls can be used to
block traffic coming in, they can also be used to block traffic going
out. For instance, a company might want to prevent its employees
from accessing their personal electronic mailbox at their personal ISP
over the corporate Internet connection. To do this, the company could deny
outgoing traffic from its LAN that is destined for ports 110 (POP3)
and 25 (SMTP) on Internet systems outside its network. The author
has even heard of ftp transfers out to sites on the Internet being blocked
by software development companies that take every possible step to make
sure that their source code does not get distributed outside their organization.
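The rules described in this section, modelled as a small first-match packet filter (an added example, not part of the original guide). The rule format, the default-allow policy, the function names and the sample addresses are assumptions made for illustration; the last function reproduces the "works by IP address, fails by name" symptom of a blocked port 53.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Rule:
    action: str                  # "allow" or "deny"
    direction: str               # "in" (Internet -> LAN) or "out" (LAN -> Internet)
    src: str = "0.0.0.0/0"       # source network in CIDR form
    dport: Optional[int] = None  # destination port; None matches any port

@dataclass(frozen=True)
class Packet:
    direction: str
    src: str
    dport: int

def decide(rules, pkt, default="allow"):
    """First matching rule wins; otherwise the default policy (assumed) applies."""
    for r in rules:
        if (r.direction == pkt.direction
                and ipaddress.ip_address(pkt.src) in ipaddress.ip_network(r.src)
                and r.dport in (None, pkt.dport)):
            return r.action
    return default

# Constructed rule set mirroring the section's examples (documentation addresses).
RULES = [
    Rule("deny", "in", src="203.0.113.0/24"),  # site with past cracker problems
    Rule("deny", "in", dport=21),              # no inbound ftp
    Rule("deny", "out", dport=110),            # no personal POP3 from the LAN
    Rule("deny", "out", dport=25),             # no outbound SMTP from the LAN
]
LAN_CLIENT = "192.168.1.10"

def client_can_browse(rules, by_name):
    """Browsing by name needs port 53 out before port 80; by IP needs only port 80.
    Only the outgoing query is modelled, not the reply."""
    if by_name and decide(rules, Packet("out", LAN_CLIENT, 53)) == "deny":
        return False
    return decide(rules, Packet("out", LAN_CLIENT, 80)) == "allow"

def diagnose(rules):
    """Map the observed symptom back to the likely blocked port."""
    by_ip = client_can_browse(rules, by_name=False)
    by_name = client_can_browse(rules, by_name=True)
    if by_ip and not by_name:
        return "port 53 (DNS) blocked"
    return "ok" if by_name else "port 80 blocked"
```
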
CertiGuide for Network+ (http://www.CertiGuide.com/netplus/) on CertiGuide.com
Version 1.0 - Version Date: November 7, 2004
Adapted with permission from a work created by Tcat Houser and Helen O’Boyle.
CertiGuide.com Version © Copyright 2004 Charles M. Kozierok. All Rights Reserved.
Not responsible for any loss resulting from the use of this site.